This Data Protection Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your Personal Data, and your consents herein are additional to any rights which to any of the Companies may have at law to collect, use or disclose your Personal Data.
This policy applies to any individual’s Personal Data which is in our possession or under our control.
1. INFORMATION COLLECTION AND USE
1. Information BASIS ID may collect from You on behalf of the Service Providers:
1.1.1 When registering a user account, completing the know-your-customer process for your identification (“KYC”) and/or using our Services we will collect certain personal information (“Personal Data”) that you will provide directly to us. The types of information we may collect on behalf of our customers (“Service Providers”) are as follows:
- Contact information (e.g your name, country of citizenship, mailing address, telephone number, and email address);
- Identification data (e.g copy of passport or other identification document, document to verify your place of residence, photos or videos for facial recognition);
- Banking information (e.g bank statement);
- Biographic or demographic information (e.g your date of birth, gender, (if applicable)
- Biometric data: (e.g video recording of your face from different angles measures and matches the unique characteristics for the purposes of biometric identification or authentication);
- Social network data (e.g your Facebook, Google, LinkedIn, Twitter, Instagram usernames);
- User account data (e.g your username and password to access the BASIS ID Services);
- Payment data (e.g bank account or credit card number);
- Personal opinions made known to us (e.g. feedback or responses to surveys)
1.1.2 Collecting some of the information described above is obligatory to register your BASIS ID user account, carry out the KYC to meet the standards established by the applicable laws, and/or provide you BASIS ID Services. The obligatory information has been marked in the App or the Website with an asterisk (*).
1.2 Information We Collect from Other Sources
In order to effectively carry out the KYC in accordance with the applicable anti-money laundering (“AML”) and terrorist financing prevention laws, we may also obtain information from other sources and combine that with information we collect through the Website or the App. For example, we may collect information available about you from publicly accessible websites, social media networks or public databases. We may also make inquiries to governmental agencies, financial institutions, international agencies and non-public third-party databases to verify the correctness of the information you have provided to us.
1.3 Information We Collect Automatically
When you use the App or the Website, we automatically collect the following information:
- Information provided to Service Providers: we collect data about which Service Providers you use and which personal data you are providing to the Service Providers via the App or the Website;
- Device and log information: we collect information about the computer or mobile device you use to access the Website, including device identifiers, mobile network information, type of operating system, and the type of browser used. We also log information about your use of the Website, including access times, pages viewed, IP address, other standard web log data, and the page visited before and after navigating to our websites.
1.4 Data received from Service Providers
2. USAGE OF YOUR PERSONAL DATA
2.1 We use, store, and process information, including your personal information, about you in order to carry out provide and ensure your access to the Services, improve and develop BASIS ID, and maintain a trusted and safer environment and comply with our legal obligations.
2.1.1 Providing and ensuring the access to the Services, improving and developing BASIS ID
- Your contact information, identification data and documentation, social network data, video recording as well as the data we obtain from other sources is used to carry out the KYC procedure that would meet the standards of the applicable anti-money laundering and terrorist financing prevention laws and standards (notably the Estonian Money Laundering and Terrorist Financing Prevention Act).
- Your user account data, contact information and the data we collect automatically in the course of your usage of the Services is used to provide you the Services, including managing your user account, providing customer support, sending updates, collecting fees, etc. Contact information and data we collect automatically is also used to prevent potentially prohibited or illegal activities carried out via the App or the Website and enforce the Terms.
- Device and log information is also used to measure and improve the Services that are available on the Website and the App.
- Bank account or credit card details to forward them directly to the payment Service Provider for processing payment. Note, that BASIS ID will not be able to access your bank account or credit card details at any time.
- Your social network data will be used for credit scoring purposes and to suggest services that you might be interested in connecting to the BASIS ID platform if you have provided us a separate consent to do so.
- We may receive your cryptocurrency wallet balance and information regarding transactions made via various Service Providers in order to integrate the services of the Service Providers into the user interface of BASIS ID Website or App and thereby enable you to use the services of various Service Providers directly in the App or the Website.
- We may also use the information about you for any other purpose for which the information was collected, provided that such purpose was disclosed to you at the time of collection or you provided a separate consent for processing your data for such purpose.
We process this information given our legitimate interest in improving the BASIS ID Platform and our clients’ experience with it, and where it is necessary for the adequate performance of the contract with you.
2.1.2 Creating and maintaining a trusted and safer environment
We use your personal data to:
- Detect and prevent fraud, spam, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Verify or authenticate information or identifications provided by you (such as to verify your date of birth or compare biometric data you provided to your Passport/ID photo).
- Conduct checks against databases and other information sources, including Sanction Screening process, to the extent permitted by applicable laws and with your consent where required.
- Comply with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities.
- Enforce obligations owed to us.
- Carry out financial reporting, regulatory reporting, management reporting, risk management (including monitoring credit exposures), audit and record keeping purposes.
- Resolve any disputes with any of our Users, responding to queries or feedback, and enforce our agreements with third parties.
- Enforce our Terms and Conditions and other policies.
We process this information given our legitimate interest in protecting the BASIS ID, to measure the adequate performance of our contract with you, and to comply with applicable laws.
2.1.3 Providing, personalizing, measuring, and improving our Advertising and Marketing.
- Should you indicate so separately via the App or the Website, we will use your name and e-mail to send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences (including information about BASIS ID or Service Provider’s services)
- To personalize, measure, and improve our advertising.
- For credit scoring purposes and to suggest services that you might be interested in connecting to the BASIS ID platform
We will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest.
2.2 How the Service Provider uses the Information Collected
Please note that Service Provider, serving as the controller, has the access to certain amount of Personal Data you chose to disclose. Service Provider determines the purposes and means of the processing of Personal Data by BASIS ID, where the purposes and means of such processing are determined by applicable law. Service Provider uses your Information to:
- Enable you to access and use the Services;
- Detect and prevent fraud, abuse, security incidents, and other harmful activity;
- Conduct security investigations and risk assessments;
- Conduct checks against databases and other information sources;
- Comply with legal obligations (such as anti-money laundering regulations);
- Enforce the Terms and other policies;
- With your consent, send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences.
The Service Provider may process this information given its legitimate interest in improving the its services and its users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
3. SHARING AND DISCLOSURE
3.1 BASIS ID shall make available your data to the third party to the extent you have consented to in accordance with your agreement with such third party.
3.2 We may, based on your consent, our agreements with third party Service Providers, and in compliance with applicable laws on data privacy, disclose your personal data to any personnel of BASIS ID or to third party Service Providers, whether located in Estonia or elsewhere, in order to carry out the purposes set out above. Please be assured that when we disclose your Personal Data to such parties, we require them to ensure that any Personal Data disclosed to them are kept confidential and secure. For more information about the third parties with whom we share your Personal Data, you may, where appropriate, wish to refer to the agreement(s) and/or terms and conditions that govern our relationship with you or our customer. You may also contact us for more information.
3.3 BASIS ID does not sell or trade your personal data to any third parties. As some of the BASIS ID Services may be provided by our affiliate companies, we may make your data available to our affiliate companies in order to provide you the Services. Our affiliate companies are:
Data Depot Asia PTE LTD, a limited liability company registered in Singapore under registration number 201713091C, address Block79 @ Launchpad, 79 Ayer Rajah Crescent, 05#08 Singapore 139955.
3.5 Please note that the Website and the App enable you to see and manage the data that you have made available to third parties via the BASIS ID Services. Furthermore, to the extent made available by BASIS ID, the App and the Website enable you to restrict third party Service Providers from further processing of your data or change the extent of the data that a particular third party Service Provider receives.
4. COMPLIANCE WITH LAW
4.1 BASIS ID may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against BASIS ID, (iii) to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms and Conditions, or (v) to protect the rights, property or personal safety of BASIS ID, its employees, its Users, or members of the public.
4.2 Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would create a risk of any related illegal activity on BASIS ID’s property, platform and/or human resources. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that User about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
5. YOUR RIGHTS
5.1 You have a right to be informed of Personal Data controlled by BASIS ID, a right to rectification/correction, erasure and restriction of processing. You also have the right to receive from BASIS ID a structured, common and machine-readable format of Personal Data you provided to us.
5.2 We can only adhere to your request and provide information if we have Personal Data about you through you having made contact with us directly and/or you using our App, Website and/or service.
5.3 You can exercise your rights under GDPR Articles 13-23 against BASIS ID only for the Personal Data that is necessary to create your BASIS ID Account. We cannot provide, rectify or delete any data that we store on behalf of our users or customers. In order to exercise your rights for the Personal Data you choose to disclose to use the services of the Service Providers, please, contact your Service Provider.
5.4 Where you have provided consent, you may withdraw it at any time, without affecting the lawfulness of the processing that was carried out prior to withdrawing it. Whenever you withdraw consent, you acknowledge and accept that this may have a negative influence on the quality of the BASIS ID Website, App and/or Services. You further agree that BASIS ID shall not be held liable with respect to any loss and/or damage to your Personal Data if you choose to withdraw consent.
5.5 Where Personal Data is processed for the above purposes on the basis of BASIS ID’s legitimate interests, under the GDPR, you may object to such processing at any time.
5.6 You may exercise any of the rights described in this section by sending a respective request to email@example.com. Please note that we may ask you to verify your identity before taking further action on your request.
5.7 Managing your information
You may access and update some of your information through your Account settings. If you have chosen to connect your Account to a third-party Service Provider, you can change your settings and remove permission for the Service Provider by changing your Account settings. You are responsible for keeping your personal information up-to-date.
6. DATA RETENTION
We will retain your personal information only for so long as it is required for the purposes for which it was collected. This period may extend beyond the end of your relationship with us, but only for so long as is reasonably necessary for us to have sufficient information to respond to any legal issues that may arise after the end of your relationship with us or for as long as required by law. When your personal information is no longer required, we will destroy, delete or convert it into an anonymous form.
We may occasionally send you notification emails about updates to our product, legal documents, offer customer support or marketing emails. Except for cases where we are required to do so by law (e.g. notifying you of a data breach), you shall have the opportunity to unsubscribe from receiving these messages free of charge.
8. PROTECTION OF PERSONAL INFORMATION
We endeavor to maintain appropriate physical, procedural and technical safeguards with respect to our offices and information storage facilities in order to prevent any loss, misuse, or unauthorized access, disclosure, or modification of your personal information.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your device from a web site and stored on your device’s hard drive.
10. THIRD PARTY WEBSITES AND SERVICES
11. INFRINGEMENT OF PRIVACY
If you have any questions related to this policy or in case of any suspected infringement of your privacy, please contact us at firstname.lastname@example.org.
DataDepot OÜ, a limited liability company registered in Estonia under registration number 14078299, address Joala 3-6, Narva, Estonia, 139955.